<?php
/*
	Copyright 2006, 2007, 2008, 2009, 2010 Bastiaan Grutters
    
    This file is part of Ages of Strife website.

    Ages of Strife website is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Ages of Strife website is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ages of Strife website.  If not, see <http://www.gnu.org/licenses/>.
 */
include ('../global/initialize.php');

global $dal;

if (isset ($_POST['ruler_name'])) {
	$query = "SELECT count(*) " .
			"FROM ruler " .
			"WHERE name = '" . formatInput($_POST['ruler_name']) . "'";
	$result = mysql_query($query) or die("Query failed : " . mysql_error());
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	if ($row['count(*)'] > 0) {
		$statement = $dal->prepare( 'SELECT user_id ' .
				'FROM ruler ' .
				'WHERE name = :name' );
		$statement->bindParam( ':name', $_POST[ 'ruler_name' ], PDO::PARAM_STR );
		$userId = $dal->getValue( $statement );
		
		if( isset( $userId ) && $userId != -1 && $userId != $_SESSION[ 'user_id' ] ) {
			$statement = $dal->prepare( 'INSERT INTO access_history ' .
					'( `user_id`, `admin_id`, `ip`, `timestamp` ) ' .
					'VALUES( :user_id, :admin_id, \'\', :timestamp )' );
			$timestamp = time();
			$statement->bindParam( ':user_id', $userId, PDO::PARAM_INT );
			$statement->bindParam( ':admin_id', $_SESSION[ 'user_id' ], PDO::PARAM_INT );
			$statement->bindParam( ':timestamp', $timestamp, PDO::PARAM_INT );
			$dal->execute( $statement );
		}

		$query = "SELECT ruler_id " .
				"FROM ruler " .
				"WHERE name = '" . formatInput($_POST['ruler_name']) . "'";
		$result = mysql_query($query) or die("Query failed : " . mysql_error());
		$row = mysql_fetch_array($result, MYSQL_ASSOC);
		$_SESSION['ruler_id'] = $row['ruler_id'];
		header("Location: ../overview/overview.php");
	} else {
		$_SESSION['lookup_ruler_status'] = $_POST['ruler_name'] . " doesn't exist!";
		header("Location: admin.php");
	}
} else {
	$_SESSION['lookup_ruler_status'] = "Enter a ruler name.";
	header("Location: admin.php");
}
?>
